Cisco Threat Defense Bulletin S972 March 17, 2017

News and Notes

End-of-Sale for Cisco Services for Intrusion Prevention System Support Program

Cisco announces the end-of-sale and end-of-life dates for the Cisco Services for Intrusion Prevention System (IPS) Support Program.
Please refer to the following link for details: End-of-Sale for Cisco Services for Intrusion Prevention System Support Program

Supported Sensor Software Versions

Signature updates are currently tested on the following sensor software releases according to the terms
defined in the End-of-Sale Policy for Signature File Release on Intrusion Detection and Prevention (IDS/IPS) Sensors:

7.1(11) (Released: 07/DEC/2015)

7.1(11p1) (Released: 11/APR/2016)

7.2(2) (Released: 05/FEB/2014)

7.3(5) (Released: 15/FEB/2016)

Please upgrade to the latest sensor software versions to ensure correct sensor operation and effective signature coverage.

Release S972 - March 17, 2017

Release Summary

Vulnerability | CVE | Severity | Risk Rating | Signature ID | History | Status
Cisco IOS Software CMP... | CVE-2017-3881 | High | 90 | 7880.0 | New | Enabled

New Vulnerability and Exploit Protections

Cisco IOS Software CMP...
Vulnerability Disclosed: 3/17/2017

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload or to remotely execute code with elevated privileges. The CMP uses Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: the failure to restrict use of CMP-specific Telnet options to only internal, local communications between cluster members, instead accepting and processing such options over any Telnet connection to an affected device; and, the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device that is configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause the device to reload.

Severity | Description | Protected Since | Signature ID | Event Action
High | Cisco IOS CMP Buffer Overflow | | 7880.0 | Block*

* Inline sensor with Event Action Override set to "deny-packet-inline" at Risk Rating 90 (Cisco default configuration)
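
Added example (not part of the Cisco bulletin): the description above states that exposure requires a device configured to accept Telnet connections, so this Python check reports, for each "line vty" block of an IOS configuration, whether Telnet is an allowed input transport. The sample configuration is constructed, and reporting a block with no explicit "transport input" line as "review" is an assumption, because the default depends on the software release.

```python
import re

# Constructed sample running-config for illustration (not from the bulletin).
SAMPLE_CONFIG = """\
hostname lab-switch
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
!
end
"""

def audit_vty_telnet(config_text):
    """Return [(vty_header, verdict)] for every 'line vty' block in the config."""
    findings = []
    header, transports = None, None

    def close_block():
        # Record a verdict for the block that just ended, if there was one.
        if header is None:
            return
        if transports is None:
            verdict = "review"          # assumption: default varies by release
        elif {"telnet", "all"} & set(transports):
            verdict = "telnet-enabled"  # Telnet reachable on these VTY lines
        else:
            verdict = "ok"
        findings.append((header, verdict))

    for raw in config_text.splitlines():
        if raw and not raw[0].isspace():   # non-indented line ends any open block
            close_block()
            header, transports = None, None
            if re.match(r"line vty \d+", raw):
                header = raw.strip()
            continue
        m = re.match(r"\s+transport input\s+(.+)", raw)
        if header and m:
            transports = m.group(1).split()
    close_block()                          # config may end inside a block
    return findings
```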

Sensor Update Information

Signature Updates

Signature updates may be downloaded automatically by Cisco Security Manager (CSM), IPS Manager Express (IME) and Cisco Security Monitoring, Analysis, and Response System (CS-MARS). The following links are for manual downloads.

Sensor Appliance Updates
IPS 4300, and 4500 Series sensors, IDSM-2 Catalyst module, AIM-IPS module, ASA-AIP IPS module

IOS IPS Updates
IOS IPS in Mainline and T-Train Releases prior to 12.4(11)T (Includes NEW Basic and Advanced Set)
IOS IPS in 12.4(11)T or later T-Train

Cisco Security Manager
Please click here to download the latest Cisco Security Manager (CSM) signature update package.

Security Research Library
Increase your knowledge of today's vulnerabilities, tomorrow's threats, and the technology necessary to keep up.
Cisco Security Intelligence Operations
Comprehensive threat intelligence, analysis, and defense to help inform and protect organizations.
Cyber Risk Reports
Weekly strategic intelligence product that highlights current security activity and mid- to long-range perspectives, also available as a podcast.
Cisco IntelliShield Alerts
Up-to-the-minute, actionable intelligence, in-depth vulnerability analysis, and highly reliable threat validation to assist in proactive prevention.
Cisco Applied Mitigation Bulletins
Techniques that use Cisco product abilities to detect and mitigate the most important security events and vulnerabilities.
Security Multimedia Library
Podcasts, video datasheets, webcasts and videos with solutions for today's problems.
Cisco Security Intelligence Operations Tactical Resources
Guidance on specific technologies and problem sets to help organizations secure business applications and processes by identifying, preventing, and adapting to threats.
Cisco Security Services
Professional services to support your Self-Defending Network.
Cisco Security Solutions
Discover the breadth of Cisco solutions available to solve your organization's security issues.
Cisco Security Blog
Collaborate with the Cisco Security Community and gain insights into emerging security threats, trends, and best practices.

This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document at any time.